Why using a password manager is essential and how to choose a great master password
- Published: 22 May 2024
- In this episode, we explore why using a password manager is essential and how to choose a great master password.
==============================
SUGGESTED
==============================
Why Firefox is the best browser for privacy and how to configure things properly (see change log) 👉 • Why Firefox is the bes...
==============================
CHANGE LOG
==============================
Opted out from Amazon affiliate program
Thank you for this series! I've just started watching and gonna change everything!
Thank god my friends started watching your videos...they thought I went crazy until they saw and UNDERSTOOD the truth about the price we pay...
I am very happy this content is helpful... advocating for privacy is hard. If the privacy guides help... that means a lot to me.
I just found your video series. Thank you so much for putting these together. I am learning so much, and already making some paradigm shifts.
Thanks for sharing Jason. I am very happy this content is helpful to others. My mind is also rewiring itself (paradigm shifts). The more I learn, the more I discover how little I actually "saw".
I am binging your videos like the best show on Netflix!!!! Thank you so much for all this precious content
I love your channel man!!!
useful knowledge
Sun, thank you so much for your videos. I am hopeless with technology and you have completely opened my eyes! I created a playlist with all your videos and I watch them whenever I have free time. THANK YOU, thank you, thank you. 🙌
My pleasure! Really glad to know this content is useful. 🤓
When you started talking about USB sticks, I was so curious to know what you suggest... then I realised we have exactly the same USB sticks XD btw really helpful video, thank you ♥️
So glad I found your channel! Question: Does it matter if you use spaces between the words in your master password? Would NOT using spaces make it more secure?
Hello Sun, what open source password manager would you recommend for Windows users?
Thanks man
Great video, just subscribed. Setting up a new MacBook. What about setting up Apple ID? Most videos on this are rubbish. Thanks man
Great question. I think it’s OK to use your Apple ID. For sensitive use cases, I would recommend avoiding macOS altogether and using an open source OS such as Linux.
Thanks Sun. Your videos are rock solid. The only negative is that I now feel forced to watch 10 more of yours to up my game but you are forgiven.
Lovely comment... feel you. So much to learn! Btw, I haven't found the bottom of the rabbit hole yet so I'm in the same position as you... perhaps just a few levels down into the rabbit hole.
Hehe I feel exactly the same. 🤪
Hi, just started watching, learning lots, thank you, please keep going
Thanks for the push Keith 😊
Excellent video Sun, but how do we access our passwords from our iPhone?
Hi, great videos. Started watching about a week ago and enjoying the content. Keep it up... What is your view on Mac default password manager?
Hey Dominic, thanks for the push. Are you referring to the Keychain? If so, I am a huge fan of security by compartmentalization. I like macOS as the operating system but I like using trusted third parties for advanced security features such as a password manager. I also don’t like that when using Keychain, we are locked into the Apple ecosystem.
Sun Knudsen good point. Well keep up the good work
@@sunknudsen Can you cover in a future video how to deactivate Keychain, but still able to access iCloud and other Apple features?
Simple question; is MacPass just a PW generator or manager also?
By that I mean will it auto login to different websites after creating PWs?
Or is it up to Firefox to set up “Autofill logins & PWs” in settings (Priv & Sec) on Firefox?
I don’t recall if you talked about this in setting up Firefox in the previous video.
I’m confused,
Thank you!
What is the difference between this and iCloud Keychain (apart from the syncing)?
Ok I understand the system. But what if I want to log from my mobile pad or other computer, does this work?
Hey Sun,
is there a difference between MacPass and the built in keychain manager from Apple when the keychains are not being synced via iCloud?
Hey Luk, yes... one is open source and its database cross-platform. The other is proprietary and creates lock-in to the Apple ecosystem. That being said, from a security standpoint, both are fine.
Would you suggest MacPass for Firefox being used on an iMac?
It really depends on the use case... for instance, MacPass doesn't have built-in sync options.
Thanks for this man! Is there a 2 factor authentication for MacPass?
MacPass runs locally therefore it can’t benefit from 2FA (which is implemented server-side). That being said, I recommend using 2FA when possible to harden password authentication to services for which you store passwords in MacPass.
@@sunknudsen Thank you for your reply, great channel! Keep up the good work! By the way Knudsen, are you from Denmark?
I am half Danish, but born and raised in Canada.
Can you encrypt the Samsung bar? Does it come with software to do so, a la san disk vault?
Not sure... but in the context of macOS, you can format the drive using "Disk Utility" as "APFS (Encrypted)" or "Mac OS Extended (Journaled, Encrypted)" and you're all set.
dude! what about some good software for Windows? I would really appreciate it. thanks for the video
Hey, sorry for not covering Android and Windows. I personally don’t use either so I don’t have much to share. My gut feeling is that Apple (with its Unix core) is more suited to privacy than Windows.
After 3 years do you recommend Bitwarden?
Do I have to change the passwords to all my logins when entering a new entry? Or could I keep my old passwords?
Thanks in advance great content!!
Depends if you believe these passwords may have been compromised or if you used the same password for many providers. If so, I would recommend changing them. Don’t forget to enable 2FA when possible. Check out ruclips.net/video/VZlzPKJP4TQ/видео.html and ruclips.net/video/7nu04NBH2Qc/видео.html if you want to learn more about 2FA.
@@sunknudsen will do thank you!
"Good morning, Sun here!" :)
Hello, despite the risks, having passwords saved in a system like Google passwords (or others) is useful if you want to use them on the fly on a mobile phone. Are there possibilities to read the MacPass database from a smartphone (Android)?
@R4M_Gummi Just get a bitwarden account for now. I'll test it for a period.
Just a question. If you say a phrase of 8-10 words and use the 1st letter of each word as the password & add in some symbols, would that be strong enough?
It is pretty conceivable to brute force an 8-10 character long password. Length is important to mitigate this.
My two cents: those local encrypted vaults are brute force resistant because of the key derivation function the software uses. Cracking those is not the same as cracking an MD5 hash (50 billion passwords/sec).
Benchmarks say with an RTX 3090 (September 2020) you can try only about 2,700 passwords/second in vaults like Veracrypt, that means if your password is "only" 4 top-3000 common English words, it would take 3000^4/2700/60/60/24/365 = up to 951 years to break your password, with 8 parallel GPUs up to 118 years. Obviously, on average, it would take half of the time but at the same time they don't know the format of your passphrase, wordwordwordword, word word word word, Word word word word, etc. Hope my math is correct 😅.
But I agree you need extra security because you don't know if the attacker will keep your password database and try to crack it in 10 years' time with much improved hardware, but my point is that you can use normal words in a passphrase and it will be fine
I’m pretty sure GPU farms with more than 8 GPUs aren’t that expensive to rent. I agree 28 random characters is kind of overkill though. You probably only need like 100 bits of entropy unless you’re storing data worth millions of dollars.
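The arithmetic in the thread above (passphrase keyspace versus guess rate), generalized as an added example that is not part of the video or of any comment. The two guess rates are the commenters' own figures; the 95-symbol printable-ASCII alphabet and uniformly random selection are assumptions.

```python
import math

SECONDS_PER_YEAR = 60 * 60 * 24 * 365   # same year length the comment divides by

# Guess rates quoted in the thread (one GPU); not measured here.
KDF_RATE = 2_700                 # slow key derivation, e.g. an encrypted vault
FAST_HASH_RATE = 50_000_000_000  # unsalted fast hash such as MD5

# Assumed alphabets: each symbol is picked uniformly at random.
WORDLIST = 3000   # "top-3000 common English words" from the thread
PRINTABLE = 95    # printable ASCII characters (assumption)


def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy of `length` independent uniform picks from `alphabet` symbols."""
    return length * math.log2(alphabet)


def worst_case_seconds(alphabet: int, length: int, rate: int, gpus: int = 1) -> float:
    """Time to exhaust the whole keyspace; the average case is half of this."""
    return alphabet ** length / (rate * gpus)


def worst_case_years(alphabet: int, length: int, rate: int, gpus: int = 1) -> float:
    return worst_case_seconds(alphabet, length, rate, gpus) / SECONDS_PER_YEAR


def length_for_bits(alphabet: int, target_bits: float) -> int:
    """Smallest number of uniform picks that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(alphabet))


def compare() -> list[tuple[str, float, float, float]]:
    """(scheme, bits, years against the KDF, seconds against a fast hash)."""
    schemes = [
        ("4 random words", WORDLIST, 4),
        ("10 random characters", PRINTABLE, 10),   # upper bound for an acronym
        ("28 random characters", PRINTABLE, 28),
    ]
    return [(name, entropy_bits(a, n),
             worst_case_years(a, n, KDF_RATE),
             worst_case_seconds(a, n, FAST_HASH_RATE))
            for name, a, n in schemes]


if __name__ == "__main__":
    for name, bits, years, secs in compare():
        print(f"{name:22} {bits:6.1f} bits  KDF: {years:.3g} y  fast hash: {secs:.3g} s")
    print("picks for 100 bits:", length_for_bits(WORDLIST, 100), "words or",
          length_for_bits(PRINTABLE, 100), "characters")
```

Against the fast-hash rate the same four-word passphrase is exhausted in 27 minutes, which is the commenter's point about the key derivation function.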
What do you recommend for Windows 10 users?
Hey Brian, unfortunately I have no experience on Windows. Perhaps others have suggestions? Perhaps Bitwarden?
@@sunknudsen Would you mind looking into this for the community?
Bitwarden is also a good option. It's open source as well, but what do you think about hosting them in a cloud server?
Great video.
Many have recommended Bitwarden. I will give the project a try soon. I will probably try to self-host the server side of things on my Mac vs the cloud to limit the attack surface.
I am not a security expert and please don't follow my advice without proper research. But what has helped me as an individual for my password phrases is to make words that don't exist rhyme. And because I speak two languages I often make them rhyme using words from both languages to increase the security. An example would be (and don't use it please!) "αμπρα mambgra y9r m@mz isd ax 10o% σαυργκα" which doesn't make any sense to read but in your mind it's close to it saying "your mom looks like a 100% lizard" which makes it "easier" to remember and it's fairly secure because it doesn't use any words that exist and it's fairly long.
What are your thoughts on lastpass?
Hey Stef, haven't explored LastPass in a while but last time I evaluated the app (a long time ago), I stumbled upon many security researchers criticizing its implementation. I personally ended up choosing 1Password over Dashlane and LastPass.
What do you think about Firefox Lockwise?
I haven’t tried Lockwise, but my gut feeling (after a little research) is that it’s a more limited password manager. It also runs as a browser extension on macOS which I tend to avoid to compartmentalize apps vs my password manager to limit their integration (trading convenience for additional security).
As a Lockwise user I can say that it is very limited compared to other offerings: you cannot specify the length or amount of special characters for your passwords, editing them after saving/creating them isn't as easy (it doesn't let you change which website it was assigned to). Also I don't think Lockwise is good for compartmentalization because you have to create a Firefox account, so I feel like that could be another datapoint for companies to track. I'm currently thinking of switching to Bitwarden 'cuz it seems better and more private. I fully agree with Sun here, it's probably best to have the password manager separate from your browser
Newbie question:
If I use a password manager to create really complicated passwords for all my accounts, how can I log into those accounts on my phone?
Do I manually type them out or...?
Great question! You can either use a password manager that syncs your passwords (see ruclips.net/video/eu3iP1njMRI/видео.html and related comments for free alternatives) or use Signal to send yourself passwords using "Note to Self". Don't forget backups if you use MacPass!
Really good question. This is quite annoying. Use a manager that also works on your phone or message the pw to yourself using an encrypted chat app or use a manager that can generate passphrases that you can simply read and type
@@sunknudsen Is saving passwords in Signal inside 'Note to Self' really a secure way?
Do you need the master passphrase to open the backup file though?
Hey Vincent, yes... actually, in the context of MacPass, the whole password database is backed up so the same passphrase is used.
Great video - but you didn't show how MacPass makes it easier to access your accounts - for example will MacPass autofill the password for you when you enter Reddit? Or do you have to open MacPass every time to open any account? The video is a nice intro to MacPass but a few things need clarity for beginners - like why use a password manager if you keep passwords written down in a locked safe? And what happens when you die? Will your family ever be able to access your bitcoin accounts or emails to trace down any inheritance?
Hey Andre, great feedback. Have you watched ruclips.net/video/eu3iP1njMRI/видео.html Btw, I am planning an episode on "what happens when you die".
You didn't mention that folks should update their backed up version every time they change something in their database. It's obvious but not for everyone
As an owner of only Apple devices, the iCloud Keychain is just too convenient (especially after they added the support of TOTP codes)
What I learned from watching your "Why privacy matters" video: "If something is free, ask why". Can I trust MacPass and how can it be free?
Great question and glad more and more people are asking why! MacPass is open source and runs on our Macs with no server-side sync or other shenanigans. Therefore the marginal cost of welcoming additional users is close to 0.
@@sunknudsen Thanks for the reply!
Hi Sun, Which password manager are you using ...1password or macpass, and why?
I am currently using 1Password (with local vault and local sync). I find it has the right balance between security, sovereignty and usability. That being said, I might try self-hosting Bitwarden some day.
@@sunknudsen Bitwarden? Oh yes please ...looking forward and thanks for the reply.
I use a Windows laptop, which free password manager should I use???
Lastpass or Bitwarden
@@14981fc thanks !!!!
Hey Lian, not a big fan of Lastpass, but Bitwarden is open source and has a great reputation.
What is your Firefox theme?
Great video, but I was following your steps to the app and messed up with the first password
I know!!! I didn't write i…. What do I do???? Sorry, I'm bad at passwords, how do I start fresh!!
Did things go sour before you generated any meaningful passwords? If so, you can delete the database file and start over.
@@sunknudsen thanks for replying!
Yes, I was creating the master password, so I did erase everything and downloaded the app again, but it still went to ask me the password??
I didn’t do any important passwords.
It's the very first master password that I messed up with. I'm very new to this, just got my Mac, I'm still learning how to use it, and I found your videos. It's been very useful,
I try to follow you step by step on my Mac. YOU ARE AWESOME!!!! Thank you for all your videos… I love them all
Did you also delete the encrypted database?
Pleasure 🤓
I have a question about this. Couldn't you just use something like a .txt file that is encrypted on a flash drive?
What if the OS caches the data in your txt file unencrypted or saves old versions without your realizing? It also gets messy unless you have only like a dozen logins or something
Strongbox?
Why MacPass instead of KeePassXC for example?
Hey Rodrigo, very old episode… I have since switched to KeePassXC. Episode to come… stay tuned.
@@sunknudsen Great to hear - looking forward to the episode. I am struggling to find a way to sync my KeePassXC file between iPhone and Mac. It would be great to see what your approach on this is.
But why do you need your passwords while running?
You forgot to tell how to share it on your mobile, otherwise how do you sign in to LinkedIn from your phone?
i just use a good ol pen and mini notebook and keep it in my fireproof safe, right by my desk.
RUclips is deleting my comments all the time. What should I do? I would want to ask a question about password managers.
Why don't you do any Linux content?
Great question... I have published Linux content, but more in the context of single-use computers or server-side stuff. I am considering switching my daily driver to Linux. If ever that happens, a lot more Linux content will make its way to the privacy guides.
@@sunknudsen Nice to hear that
Why 28, random or?
Put simply, the longer the password (if truly random), the harder it is to brute force it... this becomes increasingly important given computing power is pretty cheap and the advent of quantum computing might change the game.
@@sunknudsen Yeah i get that, I thought you may have had a reason to specifically choose 28 over 27 or 29 lol (:
You said " 'the dog is beautiful' is 3 words" but it's actually 4 words - but point well made
Can I just write my passwords down on a piece of paper?
Sure, that's not great from an opsec perspective. Depends on your use case.
What if someday the password manager shuts down?
Most password manager apps (if not all) allow users to access passwords even when they stop paying. The app will essentially keep working even if the company that developed it goes under.
@@sunknudsen This is the reason why I prefer KeePass. A larger user base, even companies, use this. I'm paranoid of apps not working in the future and losing access to important data
I don’t think I like this recommended solution because it is Mac only; it does not have apps on Android and iPhone or browser extensions. Bitwarden is open source and supports every platform you can think of.
Not sure I can take advice from someone who uses an Apple computer.
How can a word not be in a dictionary? Even when you straight up make up words, a lot of times these words even exist in other languages xD I mean you can't dodge every dictionary of every language on earth, right xD?
True... that being said, hackers (not nation states) tend to be lazy... therefore using low-probability passwords is much more secure.